RTKT_XCP.A
Overview



Type: Hacking Tool

In the wild: No

Destructive: No

Language: English

Systems affected: Windows 98, ME, 2000, XP, Server 2003

Encrypted: No

Overall risk rating: Low

Reported detections: Low

System impact: High

Information exposure: Low

 

Description:

This hacking tool is a valid Digital Rights Management (DRM) software package developed by First 4 Internet Ltd. This software package is included as a copy protection mechanism for certain audio compact discs distributed by Sony BMG.

It relies on a relatively new technique known as rootkit technology. Rootkits hide system information, such as running processes, files, or registry entries.

As a standalone application, it is non-malicious. However, certain malware applications use it to hide malicious files and autostart registry keys on the affected machine, thus making detection more difficult. As of this writing, the malware that utilize this tool are as follows:

The rootkit is installed as the file ARIES.SYS in the $sys$filesystem subfolder of the Windows system folder. An installation package then runs it as a service and configures it to execute at every system startup.

When active, it hides files, folders, and registry keys beginning with the string $sys$ in the Windows operating system, so an affected user cannot view any file, folder, or registry key that begins with that string.
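
A cross-view check for the hiding behavior described above, as an added example that is not code from Trend Micro or First 4 Internet: it compares a file listing taken on the running system with one taken offline (for example from boot media) and reports entries that exist on disk but are missing from the live view. The listings are constructed sample data, `C:\WINDOWS\system32` is an assumed system folder location, and the function names are hypothetical.

```python
"""Cross-view check for items hidden by the $sys$ name prefix (added example)."""
import ntpath

HIDE_PREFIX = "$sys$"                       # prefix the description says is hidden
DRIVER = ("$sys$filesystem", "aries.sys")   # folder and file name from the description

# Constructed sample listings, not taken from a real system.
# C:\WINDOWS\system32 is an assumed path for the Windows system folder.
OFFLINE = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\$sys$filesystem\ARIES.SYS",
    r"C:\WINDOWS\system32\$sys$sample.exe",
    r"C:\Temp\notes.txt",
]
LIVE = [r"c:\windows\system32\kernel32.dll", r"C:\Temp\notes.txt"]


def norm(path):
    """Windows paths are case-insensitive: normalise separators and case."""
    return ntpath.normpath(path.replace("/", "\\")).lower()


def hidden_entries(live_listing, offline_listing):
    """Return (path, reason) for entries seen offline but not in the live view."""
    live = {norm(p) for p in live_listing}
    findings = []
    for original in offline_listing:
        p = norm(original)
        if p in live:
            continue
        parts = [c for c in p.split("\\") if c]
        if tuple(parts[-2:]) == DRIVER:
            reason = "rootkit driver"
        elif any(c.startswith(HIDE_PREFIX) for c in parts):
            reason = "hidden by $sys$ prefix"
        else:
            reason = "other"        # missing for a reason unrelated to the prefix
        findings.append((original, reason))
    return findings


if __name__ == "__main__":
    for path, reason in hidden_entries(LIVE, OFFLINE):
        print(f"{reason:24} {path}")
```

The same comparison applies to registry key paths exported from a live system and from an offline hive, since they use the same backslash-separated form.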

First 4 Internet Ltd has released a software update to remove this hacking tool. The update is available for download at http://updates.xcp-aurora.com/.


Description created: Nov 17, 2005

Revision history:
Nov 17, 2005 - Modified Virus Report
Nov 18, 2005 - Added Automatic Removal Instructions for Windows 2000, XP, and Server 2003
Nov 25, 2005 - Added fix tool



